A typical corporate enterprise utilizes the Internet to communicate with customers and vendors, to conduct research, and to perform various other tasks. The organization also creates and maintains confidential and proprietary information, such as financial data, personal information, confidential documents, intellectual property, and customer lists as part of the usual course of business. Theft of proprietary information is one of the most costly security problems facing enterprises today. For example, theft of financial data, customer lists, and intellectual property can impact revenues, increase legal costs, and erode long-term competitive advantages for an enterprise.
Conventional enterprises typically utilize a variety of security platforms to provide security controls with respect to information controlled by the enterprise. For example, certain security information and event management (SIEM) platforms, such as the RSA enVision® platform produced by EMC Corporation, Hopkinton, Mass., are configured to collect event or log data, such as security related events or authentication events, generated by event sources, such as servers, routers, and switches present on an enterprise's network. As the security platform collects the event log data, the security platform stores the event data as part of an Internet Protocol Database (IPDB). Based upon the event data stored in the IPDB, an administrator can query the security platform and retrieve data reports regarding network, file, application, and user activity tailored to a variety of compliance requirements. Additionally, based upon the log data stored in the IPDB, the security platform can provide the administrator with security event alerts that allow the administrator to see security threats and risks in real time and to take effective actions to mitigate those threats and risks.